Microsoft will pay $186k to fix memory holes

Prefers 'defensive tech' over vulnerability bounty-hunting.

The Blue Hat Prize, launched at the BlackHat hacker conference in Las Vegas, was "designed to generate new ideas for defensive approaches to support computer security", Microsoft said.

The first-place winner will need to improve anti-exploit technology such as sandboxes and data-execution prevention that is vulnerable to attacks or develop a different solution.

"Your prototype must solve an open problem in exploit mitigation or significantly improve the effectiveness of existing mitigation solutions. Two examples of open problems that are suitable for consideration in this challenge are address space information disclosures and return-oriented programming. Note that you are not required to address these and you are not limited to these examples."

It must also not impose more than a 5 percent burden on processing and memory and not disrupt application compatibility or useability.

The winner will be available to Microsoft under an "irrevocable, perpetual, royalty-free, worldwide, unlimited, non-exclusive, sub-licenceable, unrestricted right and licence", it said.

Microsoft was one of the few software companies to have refused to pay for software vulnerabilities.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.